package com.tencent.qapmsdk.base.config;

import android.app.Application;
import android.content.res.AssetManager;
import android.util.Base64;
import com.tencent.qapmsdk.base.meta.BaseInfo;
import com.tencent.qapmsdk.common.logger.Logger;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import kotlin.TypeCastException;
import kotlin.collections.t;
import kotlin.j;
import kotlin.jvm.internal.s;
import kotlin.text.m;
import kotlin.v;

/* compiled from: ApmCertConfig.kt */
@j
/* loaded from: classes3.dex */
public final class ApmCertConfig {
    private static final String TAG = "QAPM_base_CertConfig";
    private static SSLSocketFactory apmSocketFactory;
    private static MessageDigest digest;
    private static KeyStore keyStore;
    private static SSLSocketFactory userSocketFactory;
    public static final ApmCertConfig INSTANCE = new ApmCertConfig();
    private static final ArrayList<String> certs = new ArrayList<>();
    private static final ArrayList<String> certsByApm = new ArrayList<>();
    private static final ArrayList<String> pubKeys = new ArrayList<>();

    /* JADX INFO: Access modifiers changed from: private */
    /* compiled from: ApmCertConfig.kt */
    @j
    /* loaded from: classes3.dex */
    public static final class a implements X509TrustManager {
        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            byte[] bArr;
            String encodeToString;
            if (x509CertificateArr != null) {
                try {
                    if (!(x509CertificateArr.length == 0) && str != null) {
                        if (!(str.length() == 0)) {
                            for (X509Certificate x509Certificate : x509CertificateArr) {
                                try {
                                    MessageDigest access$getDigest$p = ApmCertConfig.access$getDigest$p(ApmCertConfig.INSTANCE);
                                    if (access$getDigest$p != null) {
                                        PublicKey publicKey = x509Certificate.getPublicKey();
                                        s.b(publicKey, "certificate.publicKey");
                                        bArr = access$getDigest$p.digest(publicKey.getEncoded());
                                    } else {
                                        bArr = null;
                                    }
                                    encodeToString = Base64.encodeToString(bArr, 0);
                                    s.b(encodeToString, "Base64.encodeToString(sha256, Base64.DEFAULT)");
                                } catch (NoSuchAlgorithmException e) {
                                    Logger.f14751b.e(ApmCertConfig.TAG, "checkServerTrusted error:" + e);
                                }
                                if (encodeToString == null) {
                                    throw new TypeCastException("null cannot be cast to non-null type kotlin.CharSequence");
                                    break;
                                } else {
                                    if (ApmCertConfig.access$getPubKeys$p(ApmCertConfig.INSTANCE).contains(m.b((CharSequence) encodeToString).toString())) {
                                        return;
                                    }
                                }
                            }
                            throw new CertificateException("not found certificate");
                        }
                    }
                } catch (Exception e2) {
                    throw new CertificateException("error in validating certificate", e2);
                }
            }
            throw new IllegalArgumentException("null or zero-length parameter");
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    /* compiled from: ApmCertConfig.kt */
    @j
    /* loaded from: classes3.dex */
    public static final class b implements X509TrustManager {
        b() {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509Certificates, String s) {
            s.d(x509Certificates, "x509Certificates");
            s.d(s, "s");
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            if (x509CertificateArr != null) {
                try {
                    boolean z = true;
                    if (!(x509CertificateArr.length == 0) && str != null) {
                        if (str.length() != 0) {
                            z = false;
                        }
                        if (!z) {
                            return;
                        }
                    }
                } catch (Exception e) {
                    throw new CertificateException("error in validating certificate", e);
                }
            }
            throw new IllegalArgumentException("null or zero-length parameter");
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    static {
        try {
            KeyStore keyStore2 = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore = keyStore2;
            if (keyStore2 != null) {
                keyStore2.load(null, null);
            }
        } catch (Exception unused) {
            Logger.f14751b.e("init keyStore fail");
        }
        try {
            digest = MessageDigest.getInstance("SHA-256");
        } catch (Exception unused2) {
            Logger.f14751b.e("init SHA-256 fail");
        }
    }

    private ApmCertConfig() {
    }

    public static final /* synthetic */ MessageDigest access$getDigest$p(ApmCertConfig apmCertConfig) {
        return digest;
    }

    public static final /* synthetic */ ArrayList access$getPubKeys$p(ApmCertConfig apmCertConfig) {
        return pubKeys;
    }

    public static final void addAllCert(List<String> list) {
        if (list != null) {
            certs.addAll(list);
        }
    }

    public static final void addAllPubKey(List<byte[]> list) {
        if (list != null) {
            Iterator it = t.d((Iterable) list).iterator();
            while (it.hasNext()) {
                addPubKey((byte[]) it.next());
            }
        }
    }

    public static final void addCert(String str) {
        if (str != null) {
            certs.add(str);
        }
    }

    public static final void addCertByApm(String str) {
        if (str != null) {
            ArrayList<String> arrayList = certsByApm;
            if (arrayList.contains(str)) {
                return;
            }
            arrayList.add(str);
        }
    }

    public static final void addPubKey(byte[] bArr) {
        if (bArr != null) {
            try {
                MessageDigest messageDigest = digest;
                byte[] digest2 = messageDigest != null ? messageDigest.digest(bArr) : null;
                if (digest2 != null) {
                    String sha = Base64.encodeToString(digest2, 0);
                    ArrayList<String> arrayList = pubKeys;
                    s.b(sha, "sha");
                    if (sha == null) {
                        throw new TypeCastException("null cannot be cast to non-null type kotlin.CharSequence");
                    }
                    arrayList.add(m.b((CharSequence) sha).toString());
                }
            } catch (Exception e) {
                Logger.f14751b.w(TAG, "add pubKey failed, e = " + e.getMessage());
            }
        }
    }

    private final SSLSocketFactory getDefaultFactory(SSLContext sSLContext) {
        sSLContext.init(null, new TrustManager[]{new b()}, null);
        SSLSocketFactory socketFactory = sSLContext.getSocketFactory();
        s.b(socketFactory, "ssl.socketFactory");
        return socketFactory;
    }

    private final SSLSocketFactory getSSLSocketFactory() {
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        s.b(sSLContext, "SSLContext.getInstance(\"TLS\")");
        ArrayList<String> arrayList = certs;
        if ((!arrayList.isEmpty() || !pubKeys.isEmpty() || !certsByApm.isEmpty()) && keyStore != null) {
            TrustManager[] trustManagerArr = (TrustManager[]) null;
            if (arrayList.size() > 0 || certsByApm.size() > 0) {
                Iterator<T> it = arrayList.iterator();
                while (it.hasNext()) {
                    INSTANCE.loadCert((String) it.next(), true);
                }
                Iterator<T> it2 = certsByApm.iterator();
                while (it2.hasNext()) {
                    INSTANCE.loadCert((String) it2.next(), false);
                }
                String defaultAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
                s.b(defaultAlgorithm, "TrustManagerFactory.getDefaultAlgorithm()");
                try {
                    TrustManagerFactory tmf = TrustManagerFactory.getInstance(defaultAlgorithm);
                    tmf.init(keyStore);
                    s.b(tmf, "tmf");
                    trustManagerArr = tmf.getTrustManagers();
                } catch (Exception unused) {
                    Logger.f14751b.e(TAG, "TrustManagerFactory init failed");
                }
            }
            int length = trustManagerArr != null ? trustManagerArr.length : 0;
            ArrayList<String> arrayList2 = pubKeys;
            if (arrayList2.size() > 0) {
                length++;
            }
            TrustManager[] trustManagerArr2 = new TrustManager[length];
            if (trustManagerArr != null) {
                if (!(trustManagerArr.length == 0)) {
                    System.arraycopy(trustManagerArr, 0, trustManagerArr2, 0, trustManagerArr.length);
                }
            }
            if (arrayList2.size() > 0) {
                trustManagerArr2[length - 1] = new a();
            }
            try {
                sSLContext.init(null, trustManagerArr2, null);
            } catch (Exception e) {
                Logger.f14751b.w(TAG, "init ssl failed, " + e);
            }
            SSLSocketFactory socketFactory = sSLContext.getSocketFactory();
            s.b(socketFactory, "ssl.socketFactory");
            return socketFactory;
        }
        return getDefaultFactory(sSLContext);
    }

    private final void loadCert(String str, boolean z) {
        KeyStore keyStore2;
        ByteArrayInputStream byteArrayInputStream;
        AssetManager assets;
        if (str == null || (keyStore2 = keyStore) == null) {
            return;
        }
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            s.b(certificateFactory, "CertificateFactory.getInstance(\"X.509\")");
            if (z) {
                Application application = BaseInfo.f14550a;
                byteArrayInputStream = (application == null || (assets = application.getAssets()) == null) ? null : assets.open(str);
            } else {
                byteArrayInputStream = new ByteArrayInputStream(Base64.decode(str, 0));
            }
            if (byteArrayInputStream == null) {
                return;
            }
            InputStream inputStream = byteArrayInputStream;
            Throwable th = (Throwable) null;
            try {
                Certificate generateCertificate = certificateFactory.generateCertificate(inputStream);
                s.b(generateCertificate, "cf.generateCertificate(caInput)");
                keyStore2.setCertificateEntry(str, generateCertificate);
                v vVar = v.f20905a;
                kotlin.io.b.a(inputStream, th);
            } finally {
            }
        } catch (Exception e) {
            Logger.f14751b.a(TAG, "not found " + str + ", ", e);
        }
    }

    public static final void setCustomSSLSocketFactory(SSLSocketFactory sSLSocketFactory) {
        if (sSLSocketFactory != null) {
            userSocketFactory = sSLSocketFactory;
        }
    }

    public final SSLSocketFactory getFactory() {
        SSLSocketFactory sSLSocketFactory = userSocketFactory;
        if (sSLSocketFactory == null) {
            if (apmSocketFactory == null) {
                apmSocketFactory = getSSLSocketFactory();
            }
            sSLSocketFactory = apmSocketFactory;
            if (sSLSocketFactory == null) {
                throw new TypeCastException("null cannot be cast to non-null type javax.net.ssl.SSLSocketFactory");
            }
        } else if (sSLSocketFactory == null) {
            throw new TypeCastException("null cannot be cast to non-null type javax.net.ssl.SSLSocketFactory");
        }
        return sSLSocketFactory;
    }
}
